Re: Are we done with draft-hoffman-ftp-uri-02.txt? from Graham Klyne on 2004-10-29 (uri@w3.org from October 2004)

From: Graham Klyne <GK@ninebynine.org>
Date: Fri, 29 Oct 2004 16:22:38 +0100
To: Paul Hoffman / IMC <phoffman@imc.org>, uri@w3.org
Message-Id: <5.1.0.14.2.20041029160735.0252dc08@127.0.0.1>

Paul,

Responding to your call for review, I took a look and generally I think it 
looks fine, but I do have a couple of comments/questions:

...

1.  Introduction, and elsewhere:

I assume this reference:
   draft-fielding-uri-rfc2396bis [2396bis]
will be updated as this goes forward for publication?

...

2.  Scheme Definition:
[[
    A FTP URL follows the standard syntax described in
    draft-fielding-uri-rfc2396bis [2396bis].  If :<port> is omitted, the
    port defaults to 21.
]]
That's the command channel port, right?  Does the FTP URI spec have 
anything to say about the data channel port?  I guess not.

...

2.2  FTP url-path:
[[
    Historical note: Most FTP client implementations precede the <cwd1>
    with a "/" before sending the CWD command.  This is arguably in
    conflict with RFC 1738, although the practice is quite widespread.
    Thus, a client that is presented with the URL
    <URL:ftp://myname@example.com/abc/def> might send the two commands
    "CWD /abc" and "RETR def" or it might send the two commands "CWD abc"
    and "RETR def".  Server implementers should be aware of these two
    different interpretations of the same URL.
]]

That looks like a potential security problem to me... shouldn't FTP servers 
avoid allowing accesses outside the indicated user's area (subtree)?

I don't recall the details of how FTP works here, but is this topic worth a 
note under security considerations?

...

#g

At 18:19 28/10/04 -0700, Paul Hoffman / IMC wrote:

>In a previous message, I said:
>
>>I updated the "ftp" draft to reflect the discussion on the list; it is 
>>now available as draft-hoffman-ftp-uri-02.txt. I think I got it right, 
>>but having folks review it would be great. Is it done, or did I mess up, 
>>or did I get it right but it could use more explanation?
>>  . . .
>>         Title           : The ftp URI Scheme
>>         Author(s)       : P. Hoffman
>>         Filename        : draft-hoffman-ftp-uri-02.txt
>>         Pages           : 5
>>         Date            : 2004-10-21
>>
>>A URL for this Internet-Draft is:
>>http://www.ietf.org/internet-drafts/draft-hoffman-ftp-uri-02.txt
>
>It would be grand to hear if anyone has any further refinements that they 
>want made to this draft in the next few weeks.
>
>--Paul Hoffman, Director
>--Internet Mail Consortium

------------
Graham Klyne
For email:
http://www.ninebynine.org/#Contact

Received on Friday, 29 October 2004 15:54:21 UTC